IT Sprendimai Verslui ir ne tik...

IT-auditing

INFORMATION SYSTEM AUDIT / AUDIT OF INFORMATION SYSTEMS

An importance of information system audit is extremely high as it helps to ensure a smooth operation of the systems as well as it promotes to a successfully functioning business. Assessing this services , it should be taken into account that  information system audit exactly allows You to evaluate whether such system is safe, whether data integrity is assured, it helps to achieve the aims of the company and rationally to use the resources.

As information system specialists say the most important mission of this audit is to estimate a management environment of information systems and reveal its improvement opportunities. This audit let to improve four major areas : eligibility, efficiency, data integrity and security.

 Classification of information system audit
Information system audit is dividing into two main types:

  1. Internal control assessment of information systems
  2. Information system operation audit

Each of these types analyzing different factors of information system. Internal control assessment of information systems includes IS general control assessment, IS development control assessment (period from system conception appearance to its legitimation) and applied program control assessment  (data entry, processing and storage).

Meanwhile IS operation audit includes efficiency, economy and potency of information systems.

 Information system audit performance

During information system audit must be evaluated the whole environment of applied program and general developed information system setting. All this process consists of  three main stages: audit planning-performance-observation.

Audit planning. By planning IS audit is mandatory should be taken into account the data importance of managed information resources and to introduce with the IS environment of a company. This process as usually has its usual sequence:

  • document analysis of IS is performed;
  • general control assessment is performed;
  • IS development control is planning;
  • applied program control evaluation is performed.

This process should be performed carefully and responsibly and based on special IS audit standards where is foreseen  planning processes of audit and provided recommendations.

Another important advice is to use a separate (an individual) IS audit planning questionnaire that is consisted on the basis of an appropriate methodology allowing to estimate  a management method entirety of information system.
Following steps by performing IS audit planning:

  1. IS general (overall) control ( information system feature compliance to company (business) mission, vision, values, purposes, strategies), IS development control (creation, installation, legitimation and control of information systems), applied program control (control measures (tools), customization of applied programs)
  2. Plan of works to be done (work volumes, deadlines, forms)
  3. An introduction with company activity and IS management
  4. Analysis of conclusions of a previous performed IS audit
  5. The setting of significance of IS audit
  6. Estimation of risk (Risk rating)
  7. Preparation of the final audit plan

After right planned and done IS audit You should have a properly functioning information system and may see its positive features (signs): positive feedbacks of consumers, reliability of a system, good integration with the other information systems, low costs of IS development and usage, quickly installed innovations, smooth partnership with the other IT service providers.

IS audit performance. This service is performed in order to collect (assemble) necessary information that helps to respond into basic company activity questions and let to improve it. In provided IS audit results must seen the conclusions of all process stages – planning of IS audit, audit performance and activity observation after this process.

Taking of it, IS audit should be performed under 3 aspects of evaluation : economy (whether the funds are distributed properly), efficiency (to receive the same quality results by having available resources) and potency (purposeful and professional usage of resources in order to achieve right results).

The essence of the process is to estimate whether information system is operating efficiently.If not, too much resources are expended aiming for planned purposes and then company may suffer losses. IS audit should have to solve smoothly such problem.

Activity observation after audit.      To implement IS audit is not enough. By taking required measures  is possible to remove found obstacles and problems as well as  to watch and take care of company activity after audit is already performed.This process must be implemented under  requirements and terms of various IS audit observation.

There is no doubt that IS audit helps to reveal IS operation process risks within controlling them on time. Moreover, such audit allows properly to plan further actions and investments.